Security Incidents mailing list archives
RE: IE Malware / Spyware Control Methods
From: "Orlando Richards" <orlando.richards () ed ac uk>
Date: Wed, 12 Jan 2005 16:21:17 -0000
Meta question: does anyone know if [and if so, how] to use the security auditing machinery to figure out what a program needs? The usual situation is that you install a program [runas/admin] and then you try to run it from your limited account and it just won't run... I have this feeling that I should be able to turn on some sort of event logging or some such in XP and then just go to a log to see what the program tried to do that it was denied access to, but I haven't been able to figure out how to do it...
FileMon and RegMon from sysinternals usually do the trick. http://www.sysinternals.com/ntw2k/utilities.shtml -- Orlando.
Current thread:
- Re: IE Malware / Spyware Control Methods, (continued)
- Re: IE Malware / Spyware Control Methods Chris Krough (Jan 07)
- Re: IE Malware / Spyware Control Methods Harlan Carvey (Jan 07)
- Re: IE Malware / Spyware Control Methods Valdis . Kletnieks (Jan 10)
- Re: IE Malware / Spyware Control Methods Paul Laudanski (Jan 10)
- RE: IE Malware / Spyware Control Methods Paris E. Stone (Jan 07)
- RE: IE Malware / Spyware Control Methods Jose Nazario (Jan 07)
- Re: IE Malware / Spyware Control Methods Saad Kadhi (Jan 10)
- RE: IE Malware / Spyware Control Methods M. Shirk (Jan 10)
- RE: IE Malware / Spyware Control Methods Jeff Bryner (Jan 11)
- RE: IE Malware / Spyware Control Methods Bernie Cosell (Jan 12)
- RE: IE Malware / Spyware Control Methods Orlando Richards (Jan 12)
- RE: IE Malware / Spyware Control Methods Jose Nazario (Jan 07)
- RE: IE Malware / Spyware Control Methods David Gillett (Jan 10)
- Re: IE Malware / Spyware Control Methods gadgeteer (Jan 10)